Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer II


Guys Passed my CCSP Yesterday!


My prep details:

1. Official CCSP Study Guide

2. Official ISC2 CBK

3. Ben's Exam official questions


I have 12 year of secuirty experiance which was the number one help. The test is not for people who memorize things, you need deep understanding of the topics. Hope it helps. 

14 Replies
ISC2 Former Staff

Congratulations, @akhan1!! 



Samantha O'Connor
(ISC)² Online Community Manager
Newcomer II

Thanks Samantha! 

Newcomer I

Congratulations on passing the CCSP.

I have been preparing for 2 months now and would like to give the test in 2-3 weeks. However, I wasn't able to find much info on how well the books (I purchased the ISC2's Official CBK, ISC2's Official study guide, ISC2's Official Practice Tests & All-In-One) can prepare one for this exam. With full time jobs and families to care for, we cannot prepare for this ($600/expensive) exam indefinitely.

I completed all the chapter practice Qs in CBK, Study Guide & AIO so far with over 80% accuracy (with the exception of Domain 6: Legal And Compliance'll see why below!)


What worries me is Qs like these from the CBK, Practice tests that seem to test one's memory of the standards:

What is the frst international set of privacy controls in the cloud?
a. ISO/IEC 27032
b. ISO/IEC 27005

c. ISO/IEC 27002
d. ISO/IEC 27018


What is domain A.16 of the ISO 27001:2013 standard?
a. Security Policy Management
b. Organizational Asset Management
c. System Security Management
d. Security Incident Management


Have you seen such Qs on the actual test or are they more real-life/practical scenario based that test our ability to have a holistic view of Cloud Security, rather than test for ability to memorize Laws/Regulations that can be easily looked up? Could you please share the best way to test readiness for the actual exam, so that I can schedule the test based on my accuracy on a representative practice test. For ex: is the performance on the Ben's Exam official questions a good proxy for the performance on the actual exam?


Your guidance would be much appreciated.

Thanks a bunch.

Newcomer II

Hello CCSP Preper!


As the confdentaility of the exam I can not coment on the exam content or how it is developed. But I assure you that I had exactly the same feelings/anxiety you have right now. But if you have a deep understaining of the topics then you will pass it. Also it depend on your experiance and past test (for example CISSP) is a big help.


You need to score 700\1000 so if you miss few questions here and there but you can still pass it. 

Some of the questions are straight forward but others were really twisted. Its look like you are well prepared and  like yourself, I prepared for amlost three months and was scoring around 85-90% on the book CBK/official exam questions so I decided to go for exam. I mean there was a time when I could not handle the prep! anymore (as you mentioned, we have lives out side of work :-)) and there is no 100 % statisfactory prep anyway.


What I will recomend that take your full 4 hours time, read every question very carefully, allow yourself one hour for review/revisit. Flag the question/s for review if you have even a slight doubt and revisit. The exam was challaneging but not crazy difficult (that what expect for these type of exam). 


I hope it helps and good luck for the exam!





Newcomer II

Congratulations on passing the CCSP.

I am planning on doing the exam in four weeks.

Do you have any advise???

Newcomer I

I am also taking the exam next month - July 3rd. (good luck) Any advise would be really awesome!  I have read AIO and the Official Study Guide. The books are different so I'm not sure which of the two would help prepare you for the exam?  Now just reviewing study questions from book books and CCSP app.

Newcomer I

I just took the exam on Saturday and passed on the first attempt. I also hold a CISSP, which helped, but more than anything, I agree with the OP that having significant real-world experience in the subject domains coupled with a deep and functional understanding of the topics is a real key.


And, of course, don't forget strong reading comprehension, critical thinking skills and the ability to synthesize information and make good qualitative judgements given situations where all answers or options may be relevant or arguably correct (or at least plausible in some way) - typical skills to succeed on any ISC2 exam (and in real life).


As this is a cloud-focused security exam, the biggest help for me personally was that I have close to two decades of experience in infrastructure, security and software development, including over a decade of significant real-world experience specifically in modern cloud and cloud software development ranging from technical to architectural to managerial.


With my background and experience, I felt right at home with both the material itself and with the exam content. On the other hand, this is definitely a specialized exam that has good bit of detail and nuance, and if you don't have the background and experience in cloud, software development and the related areas and are just trying to learn it for the first time from the study material, then it can be tough.


In fact, going in, even though I felt that I prepared thoroughly for it, I still felt pretty nervous and not sure what I was walking into having read stories of people failing not once, but in some cases multiple times - people for whom this was their first ever exam failure despite holding multiple difficult to obtain information security credentials. I really thought I was going to walk into an exam that was deliberately ambiguous, tricky, poorly written or otherwise not at all congruent with my experience or any of the any of the material I used to prepare.


I am happy to report that was NOT the case at all and that in my experience, the exam questions were very clear, well written and none of the questions were unfair or in some way inconsistent with the objective domains of the exam. As anyone who has taken any ISC2 exam knows, you can expect the exam to test your ability to comprehend, infer and synthesize information to make judgements based on experience and working knowledge - not just be able to memorize and recall facts or simple definitions. So again, this is where the real-world experience and working knowledge of the broad array of topics gives you a huge edge.


The study materials and other material I used covered the vast majority of topics, though not 100% and were not a substitute for real world knowledge and experience. They were as follows:


1. ISC2 CCSP Official Study Guide - Good, in-depth overview of topics. Decent practice questions/tests, but not nearly as good as the official practice tests


2. ISC2 Official Guide to the CCSP CBK (2nd Edition) - Good, in-depth overview of topics. It filled in, explained better, and/or went through a lot of relevant areas that the official study guide did not, so I highly recommend this no matter what other material you choose to use.


3. ISC2 CCSP Official Practice Tests: Large number of very good practice questions across all domains (100-150 each) and 2 full length practice tests. The questions were much better written and edited than the official study guide and were a much better measure of preparedness. Highly recommended. I didn't bother with the book, I just used the online test engine.


4. CCSP All-in-One Exam Guide: I started to read this, but had already read so much other material, I didn't get too far. Plus, I was kind of turned off by the large number of typos and really poor editing job (at least in my Kindle version). Instead, I primarily used the practice questions/exams and the computerized test engine as yet more practice for the exam.


5. CCCure Practice Questions: A couple days before the test, I wanted to try some fresh practice questions I had not seen before, and so I subscribed to CCCure to try their CCSP questions. Overall, I would say they're pretty good. If you opt to use them, you can go with their shortest subscription because there are only 198 questions. They were a good last minute exercise to test my comprehension and retention.


6. CSA: I scanned through the CSA site, programs and some of the CSA documents, but not in too much detail. It was more for familiarity with them.


Beyond preparation, I would say that test taking strategy and skills are also very important. I have taken more professional certification exams than I care to admit, and part of the key to long term success in these exams (especially the harder ones) is good test taking skills and strategy.


Some of my tips and practices are:


1. I complete the entire exam as quickly as I can (I don't rush, however) and don't allow myself to get stuck on any particular question. If I am not sure, I will still choose an answer and mark it. Once I have at least seen and answered all of the questions, there is no more "fear of the unknown" and I have a much better comfort level, feel more relaxed and can better concentrate on those questions where I want or need to spend more time and review.


2. I immediately and habitually eliminate any obviously incorrect answers for any questions. Even in a case where you don't know the right answer with certainty, often this can either get you to it by deduction, or at least give you a 50/50 chance. And where you are fairly or totally certain, having a habit of immediately striking the wrong ones makes the choice even more obvious.


3. I review the entire exam a second time from the beginning. I find that I am in a more relaxed state the second time around since there are no surprises. I am thinking clearly, and generally I do make good decisions with regard to changing answers on occasion provided it is obvious and I am confident about the choice. Otherwise, I do not do it out of fear or uncertainty or second-guessing. If I am really not sure, I will just leave it and not sweat it.


4. With any examination of this sort, I always treat it like a numbers game. I know the score I need to pass, and so I know roughly the number of questions that I can get wrong and still pass the exam. Therefore, I will tally up the number of questions that I am certain I answered correctly versus those I am not. Having eliminated obviously wrong answers even on the ones I am not sure of, I know I have a high likelihood of answering at least some percentage of those correctly. Based on that, most of the time I am able to know with a high degree of confidence by the end of my review whether I have passed the exam or not. If the number of questions I am certain I have answered correctly is well more than the number needed to pass, then I am pretty relaxed in reviewing the ones I was not certain of. On the other hand, if the number I was certain of were very low or insufficient to pass, I would spend much more time and be much more careful in my review.


Anyway, that's my experience with preparing for and taking the exam. Hopefully that is helpful and good luck!





Newcomer II

I agree.  I passed the CCSP on my first attempt in June. The above references give the candidate the base which is needed to draw upon, BUT you need to be able to apply that information in "Real World" scenarios.  Change your pallet to shades of grey.



Newcomer I

Thank you all for the info and help!